Wired Intelligent Edge

I am enabling RPVST on Aruba 8400 core switch for one of my customers as this is the mode in other switches and I have two questions:

- When enabling RPVST on Aruba CX switches, there are no instances by default. is this similar to disabling STP? so switch will be vulnerable to loops in this case with no way to detect or prevent them? 

BWY-8400X(config)# spanning-tree mode rpvst
BWY-8400X(config)# show spanning-tree
Spanning tree status : Enabled Protocol: RPVST
Extended System-id : Enabled
Ignore PVID Inconsistency : Disabled
Path cost method : Long
RPVST-MSTP Interconnect VLAN : 1
Current Virtual Ports Count : 0
Maximum Allowed Virtual Ports : 2048
No STP instance present.

2- To create spanning tree instances, I need to list all VLANs in this command

BWY-8400X(config)# spanning-tree vlan <vlan list>

I tried to use all or <1-4094> but this didn't work. IS there any way to activate RPVST on all active VLANs without listing them one by one in this command? I have more than 50 VLANs and they are not contiguous. 

Thank you,

------------------------------
Ahmad Enaya
------------------------------

1- correct. Even enable, RPVST will not be active on any VLAN if the VLAN is not configured for RPVST.
It is not similar to disabling STP as the spanning-process is started; it is simply not communicating to any node.

2- If you have contiguous vlan (ex: vlan 10 to VLAN 99), you can use the command
spanning-tree vlan 10-99

However, this command does not work if you have non contiguous VLANs.
For non-contiguous VLANs, just enter the list of VLANs in a single command like below:

switch-A(config)# sh vlan

--------------------------------------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
--------------------------------------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 up ok default lag256
1115 VLAN1115 up ok static lag1,lag256
1125 VLAN1125 up ok static lag2,lag256


switch-A(config)# spanning-tree vlan 1,1115,1125



------------------------------
Vincent Giles
------------------------------

Original Message:
Sent: Jan 17, 2021 08:10 AM
From: Ahmad Enaya
Subject: Configuring rpvst on Aruba CX switches

I am enabling RPVST on Aruba 8400 core switch for one of my customers as this is the mode in other switches and I have two questions:

- When enabling RPVST on Aruba CX switches, there are no instances by default. is this similar to disabling STP? so switch will be vulnerable to loops in this case with no way to detect or prevent them? 

BWY-8400X(config)# spanning-tree mode rpvst
BWY-8400X(config)# show spanning-tree
Spanning tree status : Enabled Protocol: RPVST
Extended System-id : Enabled
Ignore PVID Inconsistency : Disabled
Path cost method : Long
RPVST-MSTP Interconnect VLAN : 1
Current Virtual Ports Count : 0
Maximum Allowed Virtual Ports : 2048
No STP instance present.

2- To create spanning tree instances, I need to list all VLANs in this command

BWY-8400X(config)# spanning-tree vlan <vlan list>

I tried to use all or <1-4094> but this didn't work. IS there any way to activate RPVST on all active VLANs without listing them one by one in this command? I have more than 50 VLANs and they are not contiguous. 

Thank you,

------------------------------
Ahmad Enaya
------------------------------

if BPDUs are not sent and not processed on this VLAN then this is the same as disabling spanning tree. Potential loops can affect traffic in this VLAN and this Aruba CX switch wont have any mechanism to detect loops or protect from loops if BPDUs are not exchanged with other switches on this VLAN. isn't it?

------------------------------
Ahmad Enaya
------------------------------

Original Message:
Sent: Jan 18, 2021 05:56 AM
From: Vincent Giles
Subject: Configuring rpvst on Aruba CX switches

1- correct. Even enable, RPVST will not be active on any VLAN if the VLAN is not configured for RPVST.
It is not similar to disabling STP as the spanning-process is started; it is simply not communicating to any node.

2- If you have contiguous vlan (ex: vlan 10 to VLAN 99), you can use the command
spanning-tree vlan 10-99

However, this command does not work if you have non contiguous VLANs.
For non-contiguous VLANs, just enter the list of VLANs in a single command like below:

switch-A(config)# sh vlan

--------------------------------------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
--------------------------------------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 up ok default lag256
1115 VLAN1115 up ok static lag1,lag256
1125 VLAN1125 up ok static lag2,lag256


switch-A(config)# spanning-tree vlan 1,1115,1125



------------------------------
Vincent Giles

Original Message:
Sent: Jan 17, 2021 08:10 AM
From: Ahmad Enaya
Subject: Configuring rpvst on Aruba CX switches

I am enabling RPVST on Aruba 8400 core switch for one of my customers as this is the mode in other switches and I have two questions:

- When enabling RPVST on Aruba CX switches, there are no instances by default. is this similar to disabling STP? so switch will be vulnerable to loops in this case with no way to detect or prevent them? 

BWY-8400X(config)# spanning-tree mode rpvst
BWY-8400X(config)# show spanning-tree
Spanning tree status : Enabled Protocol: RPVST
Extended System-id : Enabled
Ignore PVID Inconsistency : Disabled
Path cost method : Long
RPVST-MSTP Interconnect VLAN : 1
Current Virtual Ports Count : 0
Maximum Allowed Virtual Ports : 2048
No STP instance present.

2- To create spanning tree instances, I need to list all VLANs in this command

BWY-8400X(config)# spanning-tree vlan <vlan list>

I tried to use all or <1-4094> but this didn't work. IS there any way to activate RPVST on all active VLANs without listing them one by one in this command? I have more than 50 VLANs and they are not contiguous. 

Thank you,

------------------------------
Ahmad Enaya
------------------------------

I don't get your point. Just enable spanning-tree on these VLANs then.

------------------------------
Vincent Giles
------------------------------

Original Message:
Sent: Jan 25, 2021 11:54 AM
From: Ahmad Enaya
Subject: Configuring rpvst on Aruba CX switches

if BPDUs are not sent and not processed on this VLAN then this is the same as disabling spanning tree. Potential loops can affect traffic in this VLAN and this Aruba CX switch wont have any mechanism to detect loops or protect from loops if BPDUs are not exchanged with other switches on this VLAN. isn't it?

------------------------------
Ahmad Enaya

Original Message:
Sent: Jan 18, 2021 05:56 AM
From: Vincent Giles
Subject: Configuring rpvst on Aruba CX switches

1- correct. Even enable, RPVST will not be active on any VLAN if the VLAN is not configured for RPVST.
It is not similar to disabling STP as the spanning-process is started; it is simply not communicating to any node.

2- If you have contiguous vlan (ex: vlan 10 to VLAN 99), you can use the command
spanning-tree vlan 10-99

However, this command does not work if you have non contiguous VLANs.
For non-contiguous VLANs, just enter the list of VLANs in a single command like below:

switch-A(config)# sh vlan

--------------------------------------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
--------------------------------------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 up ok default lag256
1115 VLAN1115 up ok static lag1,lag256
1125 VLAN1125 up ok static lag2,lag256


switch-A(config)# spanning-tree vlan 1,1115,1125



------------------------------
Vincent Giles

Original Message:
Sent: Jan 17, 2021 08:10 AM
From: Ahmad Enaya
Subject: Configuring rpvst on Aruba CX switches

I am enabling RPVST on Aruba 8400 core switch for one of my customers as this is the mode in other switches and I have two questions:

- When enabling RPVST on Aruba CX switches, there are no instances by default. is this similar to disabling STP? so switch will be vulnerable to loops in this case with no way to detect or prevent them? 

BWY-8400X(config)# spanning-tree mode rpvst
BWY-8400X(config)# show spanning-tree
Spanning tree status : Enabled Protocol: RPVST
Extended System-id : Enabled
Ignore PVID Inconsistency : Disabled
Path cost method : Long
RPVST-MSTP Interconnect VLAN : 1
Current Virtual Ports Count : 0
Maximum Allowed Virtual Ports : 2048
No STP instance present.

2- To create spanning tree instances, I need to list all VLANs in this command

BWY-8400X(config)# spanning-tree vlan <vlan list>

I tried to use all or <1-4094> but this didn't work. IS there any way to activate RPVST on all active VLANs without listing them one by one in this command? I have more than 50 VLANs and they are not contiguous. 

Thank you,

------------------------------
Ahmad Enaya
------------------------------

I am involved in a large scale deployment of AOS-CX switches and we are asking the exact same question. Google lead me here.

With Cisco, you can specify VLANs 1-4094 (or any non-contiguous range of VLANs) when specifying them in the RPVST instance, regardless of whether the VLAN has been created on the switch yet or not.

What if an engineer pushes a VLAN out to 300 switches via Aruba Central or Net-Edit but forgets to add the VLAN to the spanning-tree instance? It's a ticking time bomb...

Even if the engineer does remember to add the VLAN to the spanning-tree instance, for a split second you are in a forwarding state.

------------------------------
Regards,

Brett V
------------------------------

Original Message:
Sent: Jan 25, 2021 01:19 PM
From: Vincent Giles
Subject: Configuring rpvst on Aruba CX switches

I don't get your point. Just enable spanning-tree on these VLANs then.

------------------------------
Vincent Giles

Original Message:
Sent: Jan 25, 2021 11:54 AM
From: Ahmad Enaya
Subject: Configuring rpvst on Aruba CX switches

if BPDUs are not sent and not processed on this VLAN then this is the same as disabling spanning tree. Potential loops can affect traffic in this VLAN and this Aruba CX switch wont have any mechanism to detect loops or protect from loops if BPDUs are not exchanged with other switches on this VLAN. isn't it?

------------------------------
Ahmad Enaya

Original Message:
Sent: Jan 18, 2021 05:56 AM
From: Vincent Giles
Subject: Configuring rpvst on Aruba CX switches

1- correct. Even enable, RPVST will not be active on any VLAN if the VLAN is not configured for RPVST.
It is not similar to disabling STP as the spanning-process is started; it is simply not communicating to any node.

2- If you have contiguous vlan (ex: vlan 10 to VLAN 99), you can use the command
spanning-tree vlan 10-99

However, this command does not work if you have non contiguous VLANs.
For non-contiguous VLANs, just enter the list of VLANs in a single command like below:

switch-A(config)# sh vlan

--------------------------------------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
--------------------------------------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 up ok default lag256
1115 VLAN1115 up ok static lag1,lag256
1125 VLAN1125 up ok static lag2,lag256


switch-A(config)# spanning-tree vlan 1,1115,1125



------------------------------
Vincent Giles

Original Message:
Sent: Jan 17, 2021 08:10 AM
From: Ahmad Enaya
Subject: Configuring rpvst on Aruba CX switches

I am enabling RPVST on Aruba 8400 core switch for one of my customers as this is the mode in other switches and I have two questions:

- When enabling RPVST on Aruba CX switches, there are no instances by default. is this similar to disabling STP? so switch will be vulnerable to loops in this case with no way to detect or prevent them? 

BWY-8400X(config)# spanning-tree mode rpvst
BWY-8400X(config)# show spanning-tree
Spanning tree status : Enabled Protocol: RPVST
Extended System-id : Enabled
Ignore PVID Inconsistency : Disabled
Path cost method : Long
RPVST-MSTP Interconnect VLAN : 1
Current Virtual Ports Count : 0
Maximum Allowed Virtual Ports : 2048
No STP instance present.

2- To create spanning tree instances, I need to list all VLANs in this command

BWY-8400X(config)# spanning-tree vlan <vlan list>

I tried to use all or <1-4094> but this didn't work. IS there any way to activate RPVST on all active VLANs without listing them one by one in this command? I have more than 50 VLANs and they are not contiguous. 

Thank you,

------------------------------
Ahmad Enaya
------------------------------